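<p>Without OAEP in RSA encryption, an attacker needs very little effort to decrypt the data or to infer patterns from the ciphertext. This rule logs an issue when a literal value starts with <code>RSA/NONE</code>.</p>
<h2>Noncompliant Code Example</h2>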

<pre>
// Noncompliant: RSA with no padding scheme at all
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");
</pre>
<h2>Compliant Solution</h2>

<pre>
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
</pre>
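<p>The following is an added example, not part of the original rule text or of the analyzer's code. It shows the pattern leak the rule description refers to (unpadded RSA maps equal plaintexts to equal ciphertexts) next to OAEP with both the OAEP digest and the MGF1 digest pinned explicitly, since providers differ in their MGF1 default. Assumptions: the class and method names and the sample message are constructed, and the code targets the JDK's default provider, where the unpadded transformation is spelled <code>RSA/ECB/NoPadding</code>.</p>

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical demo class (assumption, not from the rule page).
public class RsaPaddingDemo {
    // Pin the OAEP digest and the MGF1 digest so both sides agree regardless of provider.
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static byte[] encryptRaw(KeyPair kp, byte[] msg) throws Exception {
        // Noncompliant: no padding, so encryption is a pure deterministic function.
        Cipher c = Cipher.getInstance("RSA/ECB/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        return c.doFinal(msg);
    }

    static byte[] encryptOaep(KeyPair kp, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(Cipher.ENCRYPT_MODE, kp.getPublic(), OAEP_SHA256);
        return c.doFinal(msg);
    }

    static byte[] decryptOaep(KeyPair kp, byte[] ct) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(Cipher.DECRYPT_MODE, kp.getPrivate(), OAEP_SHA256);
        return c.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed sample plaintext.
        byte[] msg = "constructed sample: PIN=4921".getBytes(StandardCharsets.UTF_8);

        // Two encryptions of the same message: identical without padding.
        boolean rawRepeats = Arrays.equals(encryptRaw(kp, msg), encryptRaw(kp, msg));
        // OAEP adds a fresh random seed per call, so the ciphertexts differ.
        byte[] first = encryptOaep(kp, msg);
        boolean oaepRepeats = Arrays.equals(first, encryptOaep(kp, msg));
        System.out.println("NoPadding ciphertext repeats: " + rawRepeats);
        System.out.println("OAEP ciphertext repeats:      " + oaepRepeats);
        System.out.println("OAEP round-trip ok:           " + Arrays.equals(msg, decryptOaep(kp, first)));
    }
}
```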
<h2>See</h2>

<ul>
<li> <a href="http://cwe.mitre.org/data/definitions/780.html">MITRE CWE-780</a> - Use of RSA Algorithm without OAEP</li>
<li> <a href="http://cwe.mitre.org/data/definitions/327.html">MITRE CWE-327</a>: Use of a Broken or Risky Cryptographic Algorithm</li>
<li> <a href="https://www.owasp.org/index.php/Top_10_2013-A5-Security_Misconfiguration">OWASP Top Ten 2013 Category A5</a> - Security Misconfiguration</li>
<li> <a href="https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure">OWASP Top Ten 2013 Category A6</a> - Sensitive Data Exposure</li>
<li> Derived from FindSecBugs rule <a href="http://h3xstream.github.io/find-sec-bugs/bugs.htm#RSA_NO_PADDING">RSA NoPadding Unsafe</a></li>
</ul>

